Various improvements and functional enhancements are continuously being made to the public key cryptography that Diffie and Hellman developed in 1976.
In particular, motivated by the pairing-based public key cryptography called ID (Identifier)-based encryption, publicized by Boneh and Franklin in 2001, a notable amount of research on pairing methods has been done in recent years.
In 2010, functional encryption, a highly functional public key cryptography that uses pairings, was publicized, as in Non-Patent Literature 1.
Unlike a conventional cipher, functional encryption is an algorithm capable of expressing encryption using predicates, and includes a function that is equal to or greater than access control, for example.
As one use of functional encryption, applying it to general access control may be considered.
If functional encryption is applied to access control, the simplest way to use it may be to express a condition by concatenating IDs that are unique within the system with the logical operator OR.
An expression such as “Mr. A or Mr. B or Mr. C or . . . ” is an example.
This expression, however, requires many OR operators.
Since encryption/decryption processing time in functional encryption grows in proportion to the number of logical operators, it is necessary to write the expression with as few logical operators as possible.
In addition, when performing encryption using a group, it is necessary to consider how to allow decryption by a user newly added to the group.
For example, consider a case where data is encrypted with a condition such as “human resources division or general affairs division”.
Assume that, at the time of encryption, the members of the human resources division include Mr. A, Mr. B, and Mr. C.
When Mr. D is added to the human resources division, Mr. D is able to decrypt the data that was encrypted under the condition of “human resources division or general affairs division” because Mr. D belongs to the human resources division.
This decryption by Mr. D, however, does not take into account that Mr. D was not in the human resources division at the time of encryption.
For reliable encryption, the condition needs to be set as “Mr. A or Mr. B or Mr. C or . . . ”.
Unlike conventional access control, where a system administrator has control, functional encryption allows each user to set access control on a file.
As a result, unlike the system administrator, who knows the most appropriate access control (which corresponds to providing predicates in functional encryption), the user needs to be notified of a method for providing the most appropriate predicate, as in the example above. An acceptable method, however, is not available.
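The trade-off described above between a short group-based condition and an OR-chain of individual IDs can be shown with a small predicate model. This is an added example, not part of the original document; it models only the predicate logic (no pairing-based cryptography), and the attribute names, the general affairs members E and F, and all function names are assumptions constructed for illustration.

```python
# Added illustration: predicate logic only, no cryptography is performed.
# A predicate is either a leaf attribute string or a tuple ("or", left, right).

def any_of(names):
    """Chain attributes with OR; n attributes need n - 1 OR operators."""
    pred = names[0]
    for name in names[1:]:
        pred = ("or", pred, name)
    return pred

def count_or(pred):
    """Number of OR operators, the quantity processing time is proportional to."""
    return 0 if isinstance(pred, str) else 1 + count_or(pred[1]) + count_or(pred[2])

def satisfies(pred, attrs):
    """True if a key holding the attribute set `attrs` matches the predicate."""
    if isinstance(pred, str):
        return pred in attrs
    return satisfies(pred[1], attrs) or satisfies(pred[2], attrs)

def user_attrs(user, directory):
    """Attributes a user's key carries: own ID plus current division membership."""
    return {f"id:{user}"} | {f"div:{d}" for d, m in directory.items() if user in m}

def snapshot_predicate(divisions, directory):
    """Expand divisions into the member IDs present at encryption time."""
    ids = sorted({u for d in divisions for u in directory[d]})
    return any_of([f"id:{u}" for u in ids])

# Constructed sample data: HR = human resources, GA = general affairs.
AT_ENCRYPTION = {"HR": {"A", "B", "C"}, "GA": {"E", "F"}}
AFTER_D_JOINS = {"HR": {"A", "B", "C", "D"}, "GA": {"E", "F"}}

def demo():
    group_pred = any_of(["div:HR", "div:GA"])                 # short condition
    id_pred = snapshot_predicate(["HR", "GA"], AT_ENCRYPTION)  # OR-chain of IDs
    d = user_attrs("D", AFTER_D_JOINS)
    a = user_attrs("A", AFTER_D_JOINS)
    return {
        "group_ors": count_or(group_pred),
        "id_ors": count_or(id_pred),
        "d_matches_group": satisfies(group_pred, d),
        "d_matches_ids": satisfies(id_pred, d),
        "a_matches_ids": satisfies(id_pred, a),
    }

if __name__ == "__main__":
    print(demo())
```

The group condition needs one OR but admits Mr. D, who joined after encryption; the ID snapshot excludes him at the cost of one OR per additional member.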